| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In Zulip before 1.3.12, bot API keys were accessible to other users in the same realm. |
| Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. |
| It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. |
| A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. |
| A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP ports 15672 and 55672. |
| The Snapweb interface before version 0.21.2 exposed controls to install or remove snap packages without checking the identity of the user or the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package from the Store, potentially using system resources without permission from the legitimate administrator of the system. |
| An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. |
| An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. |
| Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016). |
| An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). |
| The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. |
| cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). |
| cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). |
| cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). |
| cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). |
| cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). |
| cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). |